Password generators
The PingDirectory server provides support for password generators that are used under a variety of conditions.
These conditions include:
- If a client uses the password modify extended request to perform a self password change or an administrative password reset but does not include a new password in that request. In this case, the server can use a password generator to create a new password for the user and return it to the client in the password modify extended response.
- If a client uses an add request to create a new entry and includes the request control with that add request. The server generates a new password for that entry and returns it in a response control included with the add response.
- If the client uses the generate password extended operation, which can be used to request that the server generate one or more suggested passwords for a user. The server generates the requested number of passwords and returns them in the extended response.
- If the client uses the deliver one-time password extended operation, which can be used to generate a one-time password for use in the UNBOUNDID-DELIVERED-OTP SASL bind request.
- If the client uses the deliver password reset token extended operation, which can be used to generate a password reset token that can be used as an alternative to the user’s current password in the password modify extended request.
- If the client uses the deliver single-use token extended operation, which can be used to generate a token that can be used in conjunction with the consume single-use token extended operation.
You can configure the deliver one-time password, deliver password reset token, and deliver single-use token extended operation handlers to explicitly state the password generator that the server should use when creating those tokens. For the other use cases above, the server uses the password generator that is associated with the user’s password policy. This can be specified with the following configuration property:
password-generator
- Specifies the password generator that should be used for requests that require the server.
Use the UnboundID Server SDK to create custom password generator implementations.
Random password generator
The random password generator constructs a password using a specified format.
It offers the following configuration properties:
password-character-set
- Defines the character sets that can be used when generating passwords. Each character set should consist of a name followed by a colon and the set of characters that set contains (for example, alpha:abcdefghijklmnopqrstuvwxyz or numeric:0123456789). Multiple character sets can be configured.
password-format
- Specifies the format that should be used when generating passwords. This should be a comma-delimited list in which each item is the name of a character set followed by a colon and the number of characters to include from that set (for example, alpha:3,numeric:2,alpha:3 indicates that the generated password should consist of three alphabetic characters followed by two numeric digits and three more alphabetic characters).
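
The following Python sketch models the password-character-set and password-format semantics described above, so that the strength of a candidate format can be checked before it is configured. It is an added example, not PingDirectory code: the function names are hypothetical, and it assumes each position is drawn independently and uniformly from the named set.

```python
import math
import secrets

def parse_character_sets(values):
    """Parse password-character-set values of the form 'name:characters'."""
    sets = {}
    for value in values:
        # Split on the first colon only, so a set may itself contain ':'.
        name, sep, chars = value.partition(":")
        if not sep or not name or not chars:
            raise ValueError(f"malformed character set: {value!r}")
        sets[name] = chars
    return sets

def parse_format(fmt, sets):
    """Parse password-format ('name:count,...') into (characters, count) pairs."""
    items = []
    for item in fmt.split(","):
        name, sep, count = item.strip().partition(":")
        if not sep or name not in sets or not count.isdecimal() or int(count) < 1:
            raise ValueError(f"malformed or unknown format item: {item!r}")
        items.append((sets[name], int(count)))
    return items

def generate(items):
    """Draw each position from a CSPRNG, in the order the format lists them."""
    return "".join(secrets.choice(chars) for chars, n in items for _ in range(n))

def entropy_bits(items):
    """Upper bound on entropy: sum of count * log2(distinct characters in the set)."""
    return sum(n * math.log2(len(set(chars))) for chars, n in items)

# Constructed sample configuration, using the two character sets from the text.
SETS = parse_character_sets(["alpha:abcdefghijklmnopqrstuvwxyz", "numeric:0123456789"])

if __name__ == "__main__":
    # The first format is the one from the text; the second is a constructed comparison.
    for fmt in ("alpha:3,numeric:2,alpha:3", "alpha:12,numeric:4"):
        items = parse_format(fmt, SETS)
        print(f"{fmt:28} {generate(items)}  ~{entropy_bits(items):.1f} bits")
```

Under these assumptions the documented example format alpha:3,numeric:2,alpha:3 yields roughly 35 bits, which is useful to know when the generated value is a long-lived password rather than a short-lived token.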
Passphrase password generator
The passphrase password generator attempts to construct strong, memorable passphrases by combining multiple randomly selected words from a given dictionary file.
This password generator offers the following configuration properties:
dictionary-file
- The path to the file containing the words to use when generating passwords. By default, the server includes a passphrase-wordlist.txt file with a large number of non-offensive English-language words.
minimum-password-characters
- The minimum number of characters that should be included in the generated passphrase. The passphrase includes enough words to ensure that the minimum character count is reached. By default, generated passphrases include a minimum of 20 characters.
minimum-password-words
- The minimum number of words that should be included in the generated passphrase. By default, passphrases contain at least four words.
capitalize-words
- Indicates whether the first letter of each word should be capitalized, which can help make it easier to identify the words contained in the passphrase. By default, each word is capitalized. Generated passphrases are case-sensitive.